Federal Election Security Grants Don’t Go Far Enough

The U.S. Election Assistance Commission earlier this week announced how states plan to spend the $380 million in Help America Vote Act (HAVA) funds that Congress provided to bolster state election security. The states’ spending plans offer some promising signs, with nearly two-thirds of the federal dollars pegged for new voting equipment and enhanced cybersecurity measures. Yet the federal money is not nearly enough for states to make the investments needed to secure our elections, including replacement of antiquated, insecure voting equipment susceptible to hacking. Congress should provide more funds, and state and local election officials should be prepared to act alone if Congress won’t.

The largest category of spending is for enhanced cybersecurity, with more than a third of the funds (36.3 percent) slated for this vital mission, which includes cybersecurity training, hiring IT personnel, cybersecurity assessments, and software improvements. Some states — including Illinois (whose voter registration database was breached by Russian hackers) and New York — plan to allocate all of their funds to cybersecurity.

Not far behind in amount being spent is for the purchase of new voting equipment (27.8 percent of funds), toward which six states — Alaska, Arkansas, Delaware, Louisiana, North Dakota, and Pennsylvania — plan to devote the entirety of their allotted funds. With the exception of North Dakota, these states use paperless electronic voting machines in some fashion. Experts have warned of the insecurity of these machines for years, and states ought to replace them immediately. Yet the federal funds provided won’t be enough for Delaware, Louisiana, and Pennsylvania to replace all of the paperless electronic voting machines in use in these states. In Pennsylvania, for example, the Brennan Center and Verified Voting estimate that $50.4 to $79.1 million is needed to replace these types of machines statewide — substantially more than the roughly $13.5 million provided by Congress.

And other states that should be replacing these machines don’t plan to spend enough federal money to purchase new voting equipment. Take New Jersey, for example: The Garden State would need to spend between $40.4 and $63.5 million to replace its paperless machines, yet its total federal grant was less than $10 million.

Even assuming states had the funds to replace these machines, doing so is no security panacea. More is needed to protect the vote from cyberattack.

One such measure of a broader cybersecurity defense is a post-election audit. Twenty-four states plan to devote federal funds to this critical measure, accounting for 5.6 percent of total spending. Yet every state with paper records of votes (which should be every state) should conduct robust, post-election audits to confirm the veracity of election results after every election. Risk-limiting audits, in particular — which leverage statistical principles to determine the number of ballots to count, thereby improving efficiency — are an improvement upon traditional audits and considered the “gold standard” of post-election audits. Pilot risk-limiting audits have been conducted or are planned in California, Indiana, Michigan, and Virginia. Colorado and Rhode Island have also embraced risk-limiting audits.

And, of course, states should also look to upgrade and secure voter registration databases and take steps to secure election websites.

Unfortunately, there simply is not enough federal money to go around to cover all of these needed investments in election security. These federal grants were an excellent first step by Congress, but, they’re exactly that — a first step. Now Congress must act again and provide more funding to help states secure the vote. If that doesn’t happen, state and local officials should prepare to step in to fill the void left by Congress.